From 547a7d215fa680ba6a8126fce2d59cefaf769263 Mon Sep 17 00:00:00 2001 From: Rafal Harabien Date: Fri, 25 Mar 2011 22:28:15 +0000 Subject: [PATCH] [NTOSKRNL] Change strncpy calls to RtlStringSbCopyA (PART 1/x) Fix bug in MmLoadSystemImage which caused FileName parameter to be freed svn path=/trunk/; revision=51138 --- reactos/ntoskrnl/kdbg/kdb_cli.c | 9 +++------ reactos/ntoskrnl/ke/freeldr.c | 17 ++++++++++------- reactos/ntoskrnl/mm/ARM3/sysldr.c | 10 +++++----- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/reactos/ntoskrnl/kdbg/kdb_cli.c b/reactos/ntoskrnl/kdbg/kdb_cli.c index a0d5135f929..a45009cf7c1 100644 --- a/reactos/ntoskrnl/kdbg/kdb_cli.c +++ b/reactos/ntoskrnl/kdbg/kdb_cli.c @@ -2490,14 +2490,12 @@ KdbpReadCommand( */ if (Buffer == Orig) { - strncpy(Buffer, LastCommand, Size); - Buffer[Size - 1] = '\0'; + RtlStringCbCopyA(Buffer, Size, LastCommand); } else { *Buffer = '\0'; - strncpy(LastCommand, Orig, sizeof (LastCommand)); - LastCommand[sizeof (LastCommand) - 1] = '\0'; + RtlStringCbCopyA(LastCommand, sizeof(LastCommand), Orig); } return; @@ -2614,8 +2612,7 @@ KdbpDoCommand( static PCH Argv[256]; static CHAR OrigCommand[1024]; - strncpy(OrigCommand, Command, sizeof(OrigCommand) - 1); - OrigCommand[sizeof(OrigCommand) - 1] = '\0'; + RtlStringCbCopyA(OrigCommand, sizeof(OrigCommand), Command); Argc = 0; p = Command; diff --git a/reactos/ntoskrnl/ke/freeldr.c b/reactos/ntoskrnl/ke/freeldr.c index 9dfc8eb9e07..2e0d17ce178 100644 --- a/reactos/ntoskrnl/ke/freeldr.c +++ b/reactos/ntoskrnl/ke/freeldr.c @@ -947,6 +947,8 @@ KiRosFrldrLpbToNtLpb(IN PROS_LOADER_PARAMETER_BLOCK RosLoaderBlock, WCHAR PathSetup[] = L"\\SystemRoot\\"; CHAR DriverNameLow[256]; ULONG Base; + size_t Remaining; + WCHAR *StringEnd; #if defined(_PPC_) ULONG KernelBase = RosLoaderBlock->ModsAddr[0].ModStart; #endif 
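Review bot: `WCHAR *StringEnd;` in the freeldr.c declaration hunk has the wrong element type for the way the @@ -1256 hunk uses it. There it is passed as `&StringEnd` to RtlStringCbCopyExA, whose end-pointer parameter is a narrow-string pointer, and then reused as the destination of two more ANSI copies into BldrNtBootPath. The pointer value survives the round trip, so the bytes land in the right place, but the declaration draws an incompatible-pointer warning and any later arithmetic on StringEnd would step in WCHAR units. Declaring it as `PCHAR StringEnd;` matches the buffer, which is presumably a CHAR array since the removed lines used strncat on it. KiRosFrldrLpbToNtLpb continues outside this hunk.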
@@ -1123,7 +1125,7 @@ KiRosFrldrLpbToNtLpb(IN PROS_LOADER_PARAMETER_BLOCK RosLoaderBlock, /* Construct a correct full name */ BldrModuleStringsFull[i][0] = 0; - LdrEntry->FullDllName.MaximumLength = 260 * sizeof(WCHAR); + LdrEntry->FullDllName.MaximumLength = sizeof(BldrModuleStringsFull[i]); LdrEntry->FullDllName.Length = 0; LdrEntry->FullDllName.Buffer = BldrModuleStringsFull[i]; @@ -1256,25 +1258,26 @@ KiRosFrldrLpbToNtLpb(IN PROS_LOADER_PARAMETER_BLOCK RosLoaderBlock, /* Find the first \, separating the ARC path from NT path */ BootPath = strchr(CommandLine, '\\'); *BootPath = ANSI_NULL; - strncpy(BldrArcBootPath, CommandLine, 63); + RtlStringCbCopyA(BldrArcBootPath, sizeof(BldrArcBootPath), CommandLine); LoaderBlock->ArcBootDeviceName = BldrArcBootPath; /* The rest of the string is the NT path */ HalPath = strchr(BootPath + 1, ' '); *HalPath = ANSI_NULL; - BldrNtBootPath[0] = '\\'; - strncat(BldrNtBootPath, BootPath + 1, 61); - strcat(BldrNtBootPath,"\\"); + Remaining = sizeof(BldrNtBootPath); + RtlStringCbCopyExA(BldrNtBootPath, Remaining, "\\", &StringEnd, &Remaining, 0); + RtlStringCbCopyExA(StringEnd, Remaining, BootPath + 1, &StringEnd, &Remaining, 0); + RtlStringCbCopyA(StringEnd, Remaining, "\\"); LoaderBlock->NtBootPathName = BldrNtBootPath; /* Set the HAL paths */ - strncpy(BldrArcHalPath, BldrArcBootPath, 63); + RtlStringCbCopyA(BldrArcHalPath, sizeof(BldrArcHalPath), BldrArcBootPath); LoaderBlock->ArcHalDeviceName = BldrArcHalPath; strcpy(BldrNtHalPath, "\\"); LoaderBlock->NtHalPathName = BldrNtHalPath; /* Use this new command line */ - strncpy(LoaderBlock->LoadOptions, HalPath + 2, 255); + RtlStringCbCopyA(LoaderBlock->LoadOptions, 255, HalPath + 2); /* Parse it and change every slash to a space */ BootPath = LoaderBlock->LoadOptions; diff --git a/reactos/ntoskrnl/mm/ARM3/sysldr.c b/reactos/ntoskrnl/mm/ARM3/sysldr.c index 22d0792cc97..443a33d5e63 100644 --- a/reactos/ntoskrnl/mm/ARM3/sysldr.c +++ b/reactos/ntoskrnl/mm/ARM3/sysldr.c 
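Review bot: The three chained copies that build BldrNtBootPath in the @@ -1256 hunk discard every NTSTATUS, so truncation is silent. As I read the strsafe semantics, a boot path that fills the buffer leaves only the terminator in Remaining, and the final `RtlStringCbCopyA(StringEnd, Remaining, "\\")` then drops the trailing backslash that the old strcat always appended. I would capture the status of that last call and at least log or bug-check on failure, because a boot path without its separator is harder to diagnose later than a refusal here. Separately, `RtlStringCbCopyA(LoaderBlock->LoadOptions, 255, HalPath + 2);` keeps the magic 255 while the neighbouring calls moved to sizeof. The real size of the LoadOptions buffer is not visible in this hunk, so a named constant shared with its definition would tie the bound to the allocation. The function body continues outside the hunk.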
@@ -710,9 +710,9 @@ MiSnapThunk(IN PVOID DllBase, NameImport = (PIMAGE_IMPORT_BY_NAME)Name->u1.AddressOfData; /* Copy the procedure name */ - strncpy(*MissingApi, - (PCHAR)&NameImport->Name[0], - MAXIMUM_FILENAME_LENGTH - 1); + RtlStringCbCopyA(*MissingApi, + MAXIMUM_FILENAME_LENGTH, + (PCHAR)&NameImport->Name[0]); /* Setup name tables */ DPRINT("Import name: %s\n", NameImport->Name); @@ -3000,8 +3000,8 @@ Quickie: /* If we have a file handle, close it */ if (FileHandle) ZwClose(FileHandle); - /* Check if we had a prefix */ - if (NamePrefix) ExFreePool(PrefixName.Buffer); + /* Check if we had a prefix (not supported yet - PrefixName == *FileName now) */ + /* if (NamePrefix) ExFreePool(PrefixName.Buffer); */ /* Free the name buffer and return status */ ExFreePoolWithTag(Buffer, TAG_LDR_WSTR); -- 2.17.1
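Review bot: The size argument `MAXIMUM_FILENAME_LENGTH` in the MiSnapThunk hunk is a contract on the caller's buffer that nothing here states or checks. `*MissingApi` arrives as a bare pointer, and the copy can now write its terminator at byte MAXIMUM_FILENAME_LENGTH - 1, one byte further than the old strncpy reached. The source string is read from the import table of the image being loaded, so this bound is what keeps an oversized name inside the buffer. I would add a comment above the call such as `/* *MissingApi must point to at least MAXIMUM_FILENAME_LENGTH bytes; longer import names are truncated */`. MiSnapThunk starts and ends outside the hunk.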
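Review bot: Commenting out the free at the Quickie label in the @@ -3000 hunk stops the caller's FileName buffer from being released, but it leaves dead code behind. It will also leak as soon as prefix support returns and PrefixName gets its own allocation. A guard on ownership stays correct in both states and keeps the intent in code rather than in a comment: `if (NamePrefix && PrefixName.Buffer != FileName->Buffer) ExFreePool(PrefixName.Buffer);`. This assumes FileName is the pointer-to-string parameter that the new comment's `*FileName` implies. The cleanup block continues outside the hunk.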